Run container as non-root user

Add USER 65534:65534 to the scratch runtime image so the checker process does not run as root.
2026-04-26 01:10:32 +07:00 · 2026-04-26 01:10:32 +07:00 · bf409ba33c
commit bf409ba33c
parent a9a704c0ff
1 changed files with 1 additions and 0 deletions
--- a/1
+++ b/1
@ -10,5 +10,6 @@ RUN CGO_ENABLED=0 go build -ldflags "-X main.Version=${CHECKER_VERSION}" -o /che

 FROM scratch
 COPY --from=builder /checker-zonemaster /checker-zonemaster
+USER 65534:65534
 EXPOSE 8080
 ENTRYPOINT ["/checker-zonemaster"]